July 10, 2002 10 Arrested in Federal Investigation of Internet Child Pornography Federal prosecutors in Manhattan and Brooklyn announced the arrests yesterday of 10 people in a continuing investigation of a child-pornography ring on the Internet. The authorities have called the investigation Operation Candyman, after the name of an Internet Web site that the F.B.I. says was used to display and trade child pornography and that it shut down in February 2001. The investigation was first announced by Attorney General John Ashcroft in March, and has resulted in the arrests of more than 100 people nationwide, including 35 people in the New York City area, prosecutors said. http://www.nytimes.com/2002/07/10/nyregion/10PORN.html - - - - - - - - al-Qaeda poised to strike hard via the Internet Every few months some naive twinkie in the mainstream press re-writes the government's urban myth of terrorists slithering through cyberspace, preparing to blow up a small city with the awesome power of the computer mouse. Lately the frequency of these press infomercials has been increasing, most likely in response to a Federal PR campaign supporting Dubya's sales pitch for a new Department of Homeland Defence, a piece of bureaucratic window-dressing engineered to produce a nation-wide illusion of safety. http://www.theregister.co.uk/content/6/26134.html - - - - - - - - Militants Wire Web with Links to Jihad Islamic Groups Earlier this year, officials say, they found nearly 2,300 encrypted messages and data files in a password-protected section of an Islamic Web site. One Web site urges Muslims to travel to Pakistan to "slaughter American soldiers." Another solicits donations to buy dynamite to "blow up Israeli Jews." A third shows previously unaired videotape of Osama bin Laden and promises film clips of American casualties in Afghanistan. http://www.newsfactor.com/perl/story/18535.html - - - - - - - - Dutch ban virtual kinderporno Dutch legislators have made it a criminal offence to digitally create faked images of child pornography in a move that strengthens the country's existing laws against child abuse. The Netherlands already has laws against paedophiles who create and distribute images of child abuse, but these measures require the "physical involvement of children" for such acts to be a criminal offence. http://www.theregister.co.uk/content/6/26132.html - - - - - - - - Tech shores up Homeland Security Computer security is becoming an increasingly critical part of President Bush's proposal for a homeland defense department. When Bush formally proposed the department last month, he predicted that the future agency would aid in investigating Al Qaeda and thwarting disasters similar to those of Sept. 11. In the televised address, he never mentioned the Internet or so-called cybersecurity. But as Capitol Hill scrutinizes the proposal, politicians are fretting about tech-savvy terrorists--and insisting any new agency must shield the United States from electronic attacks as well. http://zdnet.com.com/2100-1105-942709.html The tech side of homeland defense http://news.com.com/2009-1023-942766.html Homeland Security Department would face cybersecurity problems, GAO warns http://www.gcn.com/vol1_no1/daily-updates/19256-1.html Homeland Defense Focuses on High-Tech Threats http://www.newsfactor.com/perl/story/18549.html - - - - - - - - Bush security could get privacy czar President Bush's proposed Department of Homeland Security is likely to get its own privacy czar. A panel in the House of Representatives is scheduled to vote this week on a plan to add a chief privacy officer to the planned agency. A draft of the legislation seen by CNET News.com states that the Secretary of Homeland Security must appoint a privacy officer to ensure that new technologies "sustain and do not erode" privacy protections and to verify that the agency's massive databases operate within federal guidelines. http://zdnet.com.com/2100-1105-942758.html - - - - - - - - California Effort Targets Internet Crooks In 2001, the Internet Fraud Complaint Center received 49,711 complaints that include unsolicited e-mail and child pornography. The most reported offense is Internet auction fraud. The solicitation that popped up on thousands of computer screens sounded too good to be true. Tri-West Investment Club offered a guaranteed high return with no risk of loss by purchasing "promissory bank notes." http://www.ecommercetimes.com/perl/story/18525.html - - - - - - - - Web site censored over pictures of traffic wardens Traffic wardens in Canterbury, Kent say they have been "harassed, alarmed and distressed" by a Web site lampooning their activities. Local residents set up the site Canterbury Parking Clowns to protest at the parking policies of Canterbury City Council and its "over zealous [traffic] wardens". http://www.theregister.co.uk/content/6/26104.html - - - - - - - - ISPs face data interception deadline From 1 August, ISPs in the UK will be required to be able to intercept your data. Yet the Home Office has failed to explain how they will be reimbursed. And the rules mean that criminals will easily be able to avoid interception. ISPs across the UK will have to start intercepting and storing electronic communications including emails, faxes and Web surfing data from 1 August, but there still appear to be glaring loopholes in the legislation. http://news.zdnet.co.uk/story/0,,t269-s2118894,00.html - - - - - - - - Aussie company fights back against online fraud In the last seven days, online computer hardware retailer Mattatech has been to the brink of bankruptcy due to credit card fraud, and is keen to share its experience to help other companies in the same boat. Brett Boshier is the managing director of Sydney-based Mattatech, an online company that exports computer equipment worldwide. http://www.zdnet.com.au/newstech/security/story/0,2000024985,20266564,00.htm - - - - - - - - Security flaw afflicts popular technology for encrypting e-mail The world's most popular software for scrambling sensitive e-mails suffers from a programming flaw that could allow hackers to attack a user's computer and, in some circumstances, unscramble messages. The software, called Pretty Good Privacy, or PGP, is the de facto standard for encrypting e-mails and is widely used by corporate and government offices, including some FBI agents and U.S. intelligence agencies. The scrambling technology is so powerful that until 1999 the federal government sought to restrict its sale out of fears that criminals, terrorists and foreign nations might use it. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/3638319.htm http://www.nandotimes.com/technology/story/462401p-3698868c.html http://www.msnbc.com/news/778746.asp - - - - - - - - Spam: The last crusade Nobody really likes spam. But what do you do when the cure is worse than the disease? If last month's column taught me anything, it's never to question people's religious beliefs. Apparently, if I disagree with someone's opinions--especially about something that attracts as much fundamentalist devotion as Linux--then I can't write, am stupid, can't use a slide rule let alone a computer, don't understand logic, and wear women's underwear. http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2873539,00.html - - - - - - - - Who's afraid of digital rights management? Microsoft's announcement of its "Palladium" project has generated a lot of negative comments in the technology community. As an implementation of specifications put together by the "Trusted Computing Platform Alliance" (TCPA) lead by Intel, it uses public key cryptography to identify the originator of code or data located on a system (among other things). On the one hand, this could potentially make it harder for viruses to get a toehold on your system. http://zdnet.com.com/2100-1107-942712.html Microsoft's Palladium: What the heck is it? http://zdnet.com.com/2100-1107-942699.html - - - - - - - - Liberty Alliance set to battle Passport Sun Microsystems and its allies will unveil the detailed workings of their Liberty Alliance specification Monday, providing competition to Microsoft's Passport service for easing the hassle of logging on to different Web sites. Eric Dean, chief information officer of United Airlines and chairman of the Liberty Alliance Project, will release the technical specification at the Burton Group Catalyst Conference, the group said in an advisory. http://zdnet.com.com/2100-1104-942756.html http://news.zdnet.co.uk/story/0,,t269-s2118897,00.html http://news.com.com/2100-1001-942754.html http://www.msnbc.com/news/778635.asp - - - - - - - - Cyberterrorists don't care about your PC Hackers have broken into financial institutions' computer systems, and put popular Web sites temporarily out of business with distributed denial-of-service attacks. But this is not the sort of thing that keeps most security experts up late at night. What keeps them awake is worrying about the underlying systems that control the local power grids, the local drinking water treatment facilities, and the gas that's used to heat our homes. These resources are vulnerable, and a malicious user anywhere in the world could someday bring your day to a screaming halt--whether or not you use a computer. http://zdnet.com.com/2100-1107-942701.html - - - - - - - - Steal This Software In Asia, intellectual property rights are not held in the same regard as in the United States and other copyright-minded countries, according to IDC's Dan Kusnetzky. The word "piracy" used to conjure up images of marauders on the high seas, with skull-and-crossbones flag flapping above a battered -- yet potentially deadly -- vessel. Today's pirates, on the other hand, tend to steal software. They may not have knives in their teeth, but there is ill-gotten booty in their holds nonetheless. http://www.newsfactor.com/perl/story/18531.html - - - - - - - - Detecting and Containing IRC-Controlled Trojans: When Firewalls, AV, and IDS Are Not Enough This paper discusses IRC-based trojans as a distinctly underestimated class of malicious activity, and how real time security event monitoring is the key to identifying and containing similar compromises. It discusses the general methodology used to discover, track, and stop such malicious activity by presenting a real-world case study. http://online.securityfocus.com/infocus/1605 - - - - - - - - Is your storage encrypted? You're exposing yourself to significant risk as long as the data on your network (data in transit) and in your storage (data at rest) is not encrypted. That's what a paranoid security specialist will tell you. Is it true? That depends on the sensitivity of your data and on any government regulations that require the data to be encrypted--in the healthcare industry, for example. http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2873532,00.html *********************************************************** Search the NewsBits.net Archive at: http://www.newsbits.net/search.html *********************************************************** The source material may be copyrighted and all rights are retained by the original author/publisher. The information is provided to you for non-profit research and educational purposes. Reproduction of this text is encouraged; however copies may not be sold, and NewsBits (www.newsbits.net) should be cited as the source of the information. Copyright 2000-2002, NewsBits.net, Campbell, CA.